YoVDO

Mapping the Minefield of Open Source Software Risks - DevOps 2024

Offered By: Conf42 via YouTube

Tags

Software Composition Analysis Courses
Supply Chain Security Courses
Vulnerability Management Courses
Semantic Versioning Courses
Semgrep Courses

Course Description

Overview

Explore the complexities of open source software risks in this 22-minute conference talk from Conf42 DevOps 2024. Delve into topics such as software dependencies, open source vulnerabilities, and prioritization strategies. Learn about tools like Semgrep Supply Chain and Software Composition Analysis for managing risks. Discover reachability analysis, remediation techniques, and the importance of semantic versioning. Gain practical insights on handling manifest files, dependency versions, and transitive vulnerabilities. Walk away with key takeaways and valuable resources to enhance your DevOps practices and mitigate open source software risks effectively.

Syllabus

Intro
Preamble
About Kyle
Agenda
Software dependencies
Open source software (OSS)
OSS vulnerabilities
An uncomfortable prioritization exercise
Semgrep Supply Chain (SSC)
Software Composition Analysis (SCA)
One of a few ways: reachability
Now what? Remediation
Easy wins with semantic versioning (SemVer)
Manifest file dependency versions
Example
Transitive vulnerabilities
Key takeaways
Resources


Taught by

Conf42

Related Courses

Raining CVEs on WordPress Plugins with Semgrep
nullcon via YouTube
Writing a Language Server in OCaml for Emacs - Fun and Profit
EmacsConf and Emacs hangouts via YouTube
Detecting Malicious Dependencies at Scale with Static Analysis
OWASP Foundation via YouTube
No Size Fits All: Empowering Engineers with Custom Application Security Tests
NDC Conferences via YouTube
Effective SAST: Secure Code Analysis in the CI/CD
DevConf via YouTube